Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/imGGQqAv0qn-u_ol0-l6GY0n4Tc.roa
File:                     imGGQqAv0qn-u_ol0-l6GY0n4Tc.roa (raw, json)
Hash identifier:          n4fbKz0kOj31YT7yjtAxoulKaN4WfbRrztkSfx/vbqs=
Subject key identifier:   8A:61:86:42:A0:2F:D2:A9:FE:BB:FA:25:D3:E9:7A:19:8D:27:E1:37
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019DBF1A05D5DACABC24659EBDA8890F52A9
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/imGGQqAv0qn-u_ol0-l6GY0n4Tc.roa
Signing time:             Fri 24 Apr 2026 10:47:26 +0000
ROA not before:           Fri 24 Apr 2026 10:47:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        45.155.65.0/24 maxlen: 24
                          193.200.78.0/24 maxlen: 24
                          2a10:3c81::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 Apr 2026 17:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:bf:1a:05:d5:da:ca:bc:24:65:9e:bd:a8:89:0f:52:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Apr 24 10:47:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8a618642a02fd2a9febbfa25d3e97a198d27e137
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:52:eb:ae:7f:69:e6:eb:32:5b:6b:c0:72:19:
                    b6:9b:67:c0:6c:3c:6f:fe:45:46:75:b6:6b:3c:97:
                    27:d6:c4:0d:ca:ba:c1:cd:2f:33:57:68:7d:33:d0:
                    8e:14:9b:9f:9a:d6:0c:d2:9a:00:8c:b8:83:bd:a7:
                    d6:43:f4:84:0c:7e:81:8b:45:c6:00:db:9e:e8:39:
                    4b:f9:36:ad:e3:32:52:44:7d:ed:43:90:6e:53:6f:
                    4c:e2:ae:22:ff:71:d2:c4:e2:c0:11:77:91:73:5c:
                    ff:13:1a:ea:0b:93:c0:bb:12:6b:66:15:48:c1:a8:
                    4a:b7:98:80:ed:7b:e7:57:04:bc:32:17:05:9c:0a:
                    99:1e:7a:4c:9c:f7:42:33:73:85:7a:1e:d7:23:d1:
                    50:44:53:e0:64:d7:2c:1a:46:19:bb:f7:e7:ba:ec:
                    5a:6b:33:47:bd:60:6e:84:65:31:9e:7f:c0:bb:71:
                    64:09:af:8e:73:e4:20:16:73:31:12:82:e0:30:ae:
                    19:92:3c:c1:bf:2b:25:53:50:e4:de:ac:aa:70:0d:
                    c4:88:3c:11:28:80:f1:78:c3:78:81:22:f1:f2:35:
                    ed:72:2f:6b:41:d1:89:86:2b:f4:36:9d:fa:06:1a:
                    84:a2:39:67:60:34:16:ed:6e:f2:4f:70:ac:a8:65:
                    6e:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:61:86:42:A0:2F:D2:A9:FE:BB:FA:25:D3:E9:7A:19:8D:27:E1:37
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/imGGQqAv0qn-u_ol0-l6GY0n4Tc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.65.0/24
                  193.200.78.0/24
                IPv6:
                  2a10:3c81::/32

    Signature Algorithm: sha256WithRSAEncryption
         a9:35:11:57:c3:9e:3e:d1:fc:73:88:d6:20:cb:63:2c:cc:e1:
         f8:ba:cd:e8:41:99:5c:34:fc:83:8a:1d:56:fc:89:5d:41:08:
         3f:c9:d6:91:54:81:62:91:11:d4:96:72:74:89:3f:41:23:bc:
         99:54:50:2a:db:6e:df:99:63:4c:0f:43:9e:97:90:60:89:cd:
         e6:74:62:29:8e:d5:4d:09:61:b0:a7:99:29:08:03:c2:47:a1:
         2c:d2:2b:a3:bf:87:08:43:a4:b6:b6:5a:06:f6:b6:f7:5f:dc:
         49:78:3c:5e:7f:ec:34:2a:46:6e:8f:40:05:dd:a7:ba:28:78:
         e0:53:c0:1d:fb:5d:41:3d:00:59:39:05:f1:57:33:86:79:9f:
         f1:da:c4:60:54:14:24:e8:5c:88:49:54:44:6d:47:b8:e8:fd:
         fd:7f:c9:f5:5a:16:51:88:55:9f:75:c0:e8:5b:3f:54:6d:b8:
         5a:78:00:63:e9:64:76:62:6c:cc:e8:0a:7a:c3:fe:47:ab:bc:
         a9:b0:3c:39:f2:d0:68:8d:13:e0:de:12:d6:b5:b0:00:35:24:
         45:53:b6:e3:7a:3a:13:71:32:ad:4b:c2:18:97:53:bb:75:a7:
         a2:7e:b8:3a:1a:d1:1e:8e:37:dc:46:ce:0d:fd:1d:ee:89:14:
         ee:63:1d:d3
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZ2/GgXV2sq8JGWevaiJD1KpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjYwNDI0MTA0NzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTYxODY0MmEwMmZkMmE5ZmViYmZhMjVkM2U5N2ExOThkMjdlMTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuFLrrn9p5usyW2vAchm2m2fAbDxv
/kVGdbZrPJcn1sQNyrrBzS8zV2h9M9COFJufmtYM0poAjLiDvafWQ/SEDH6Bi0XG
ANue6DlL+Tat4zJSRH3tQ5BuU29M4q4i/3HSxOLAEXeRc1z/ExrqC5PAuxJrZhVI
wahKt5iA7XvnVwS8MhcFnAqZHnpMnPdCM3OFeh7XI9FQRFPgZNcsGkYZu/fnuuxa
azNHvWBuhGUxnn/Au3FkCa+Oc+QgFnMxEoLgMK4ZkjzBvyslU1Dk3qyqcA3EiDwR
KIDxeMN4gSLx8jXtci9rQdGJhiv0Np36BhqEojlnYDQW7W7yT3CsqGVuoQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIphhkKgL9Kp/rv6JdPpehmNJ+E3MB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvaW1HR1FxQXYwcW4tdV9vbDAtbDZHWTBuNFRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQALZtBAwQA
wchOMA0EAgACMAcDBQAqEDyBMA0GCSqGSIb3DQEBCwUAA4IBAQCpNRFXw54+0fxz
iNYgy2MszOH4us3oQZlcNPyDih1W/IldQQg/ydaRVIFikRHUlnJ0iT9BI7yZVFAq
227fmWNMD0Oel5Bgic3mdGIpjtVNCWGwp5kpCAPCR6Es0iujv4cIQ6S2tloG9rb3
X9xJeDxef+w0KkZuj0AF3ae6KHjgU8Ad+11BPQBZOQXxVzOGeZ/x2sRgVBQk6FyI
SVREbUe46P39f8n1WhZRiFWfdcDoWz9UbbhaeABj6WR2YmzM6Ap6w/5Hq7ypsDw5
8tBojRPg3hLWtbAANSRFU7bjejoTcTKtS8IYl1O7daeifrg6GtEejjfcRs4N/R3u
iRTuYx3T
-----END CERTIFICATE-----